Cache-Control: max-age=3600, must-revalidate
Browsers and proxies may cache the response.
Browsers are permitted to cache the response, however proxies may not.
Browsers and proxies should re-validate the response
before serving a cached copy. Browsers have recently
started treating this directive like
to improper use.
Browsers and proxies must not serve or store the response, use for sensitive information.
Maximum freshness age in seconds. If seconds has exceeded the browser must re-validate with the server.
max-age except that it applies only to proxy
Insist that a browser must re-validate with
the server. This is more explicit than
must-revalidate however targetting
proxies. It insists that a proxy server must re-validate
however a browser does not. This is useful when an
authenticated page is cached in the browser, and you
do not want proxies to cache and serve the response.